一种支持内嵌数据处理的合约漏洞修复方案

doi:10.19665/j.issn1001-2400.20230208

Abstract

Abstract:

Smart contracts are programs deployed on the blockchain that enable distributed transactions.However,due to the financial attributes and immutable characteristics of smart contracts,they become targets of hacker attacks.Therefore,to ensure the security of contracts,it is necessary to repair vulnerable contracts.However,existing contract vulnerability repair schemes have problems such as low repair success rate and inability to handle complex contracts.To this end,a contract vulnerability repair scheme supporting inline data processing is proposed in this paper.The proposed scheme first studies and formalizes the dynamic loading mechanism of the Ethereum virtual machine,and constructs an inline data location algorithm based on memory copy instructions to parse and decompile the smart contract bytecode structure;then the smart contract bytecode is rewritten based on the trampoline mechanism,and the inline data address offset caused by rewriting is corrected,and finally the smart contract vulnerability repair is implemented.A prototype tool named SCRepair is implemented based on the proposed scheme,which is deployed on the local test network Ganache for performance testing,and compared with existing vulnerability repair tools EVMPatch and Smartshield.Experimental results show that the SCRepair improves the bytecode rewrite success rate by 26.9% when compared with the EVMPatch.Besides,the SCRepair has a better rewrite execution stability,and is less affected by the compiler version;the SCRepair can handle complex contracts better when compared with the Smartshield.

Key words: blockchain, smart contract, bytecode rewriting, decompilation, trampoline

CLC Number:

TP309

PENG Yongxiang, LIU Zhiquan, WANG Libo, WU Yongdong, MA Jianfeng, CHEN Ning. Contract vulnerability repair scheme supporting inline data processing[J].Journal of Xidian University, 2024, 51(1): 178-186.

Figures/Tables 1

References 14

[1]	王慧, 王励成, 柏雪, 等. 区块链隐私保护和扩容关键技术研究[J]. 西安电子科技大学学报, 2020, 47(5):28-39.
	WANG Hui, WANG Licheng, BAI Xue, et al. Research on Key Technology of Blockchain Privacy Protection and Scalability[J]. Journal of Xidian University, 2020, 47(5):28-39.
[2]	LUU L, CHU D H, OLICKEL H, el al. Making Smart Contracts Smarter[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2016:254-269.
[3]	LIU C, LIU H, CAO Z, et al. ReGuard:Finding Reentrancy Bugs in Smart Contracts[C]//2018 IEEE/ACM 40th International Conference on Software Engineering:Companion(ICSE-Companion). Piscataway: IEEE, 2018:65-68.
[4]	TSANKOV P, DAN A, DRACHSLER-COHEN D, et al. Securify:Practical Security Analysis of Smart Contracts[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2018:67-82.
[5]	AZZOPARDI S, ELLUL J, PACE G J. Monitoring Smart Contracts:Contractlarva and Open Challenges Beyond[C]//International Conference on Runtime Verification. Heidelberg:Springer, 2018:113-137.
[6]	MA F, FU Y, REN M, et al. EVM*:From Offline Detection to Online Reinforcement for Ethereum Virtual Machine[C]// 2019 IEEE 26th International Conference on Software Analysis,Evolution and Reengineering(SANER). Piscataway: IEEE, 2019:554-558.
[7]	WANG X, HE J, XIE Z, et al. ContractGuard:Defend Ethereum Smart Contracts with Embedded Intrusion Detection[J]. IEEE Transactions on Services Computing, 2019, 13(2):314-328.
[8]	AYOADE G, BAUMAN E, KHAN L, et al. Smart Contract Defense through Bytecode Rewriting[C]//2019 IEEE International Conference on Blockchain(Blockchain). Piscataway: IEEE, 2019:384-389.
[9]	ZHANG Y, MA S, LI J, et al. Smartshield:Automatic Smart Contract Protection Made Easy[C]// 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering(SANER). Piscataway: IEEE, 2020:23-34.
[10]	RODLER M, LI W, KARAME G O, et al. EVMPatch:Timely and Automated Patching of Ethereum Smart Contracts[C]//30th USENIX Security Symposium(USENIX Security 21). Berkely: USENIX, 2021:1289-1306.
[11]	WENZL M, MERZDOVNIK G, ULLRICH J, et al. From Hack to Elaborate Technique-A Survey on Binary Rewriting[J]. ACM Computing Surveys(CSUR), 2019, 52(3):1-37.
[12]	DUCK G J, GAO X, ROYCHOUDHURY A. Binary Rewriting without Control Flow Recovery[C]//Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation. New York: ACM, 2020:151-163.
[13]	CHEN T, LI Z, ZHANG Y, et al. A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts[C]//2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement(ESEM). Piscataway: IEEE, 2019:1-11.
[14]	FRANK J, ASCHENMANN C, HOLZE T. ETHBMC:A Bounded Model Checker for Smart Contracts[C]//29th USENIX Security Symposium(USENIX Security 20). Berkely: USENIX, 2020:2757-2774.

[1]	GUO Qing, TIAN Youliang. Medicaldata privacy protection scheme supporting controlled sharing [J]. Journal of Xidian University, 2024, 51(1): 165-176.
[2]	ZHOU Hao,MA Jianfeng,LIU Zhiquan,WANG Libo,WU Yongdong,FAN Wenjie. Blockchain-assisted solution for emergency message trust evaluation in the VANET [J]. Journal of Xidian University, 2023, 50(4): 148-156.
[3]	LIU Yuanzhen, YANG Yanbo, ZHANG Jiawei, LI Baoshan, MA Jianfeng. Blockchain scheme for anti malicious nodes in distributed machine learning [J]. Journal of Xidian University, 2023, 50(2): 178-187.
[4]	REN Yanli,ZHAI Mengjuan,HU Mingqi. Fair redactable blockchain supporting malicious punishment [J]. Journal of Xidian University, 2023, 50(1): 203-212.
[5]	HE Yu,TIAN Youliang,WAN Liang,YANG Li. Multi-server dynamic searchable encryption scheme supporting result verification [J]. Journal of Xidian University, 2022, 49(5): 189-200.
[6]	ZHANG Haibo,BIAN Xia,XU Yongjun,XIANG Shengting,HE Xiaofan. Blockchain-assisted vehicle reputation management method for VANET [J]. Journal of Xidian University, 2022, 49(4): 49-59.
[7]	ZENG Huixiang,XI Ning,XIE Qingqing,LV Jing,CUI Zhihao,MA Jianfeng. Decentralized ciphertext sharing based on blockchain [J]. Journal of Xidian University, 2022, 49(2): 135-145.
[8]	PAN Senshan,XU Lamei. DorChain:Utilization of dormant coins to improve the transaction verification efficiency [J]. Journal of Xidian University, 2022, 49(2): 182-189.
[9]	LI Xuelian,ZHANG Xiachuan,GAO Juntao,XIANG Dengmei. Blockchain data sharing scheme supporting attribute and proxy re-encryption [J]. Journal of Xidian University, 2022, 49(1): 1-16.
[10]	DU Ruizhong,WANG Yi,TIAN Junfeng. Support dynamic and verifiable scheme for ciphertext retrieval [J]. Journal of Xidian University, 2022, 49(1): 35-46.
[11]	YANG Yanbo,ZHANG Jiawei,MA Jianfeng. Method for using the blockchain to protect data privacy of IoV [J]. Journal of Xidian University, 2021, 48(3): 21-30.
[12]	LI Jinze,WANG Zhonghao,LI Mengheng,QIN Tuanfa. Spectrum sharing management method for the small-area-blockchain based on district partition [J]. Journal of Xidian University, 2020, 47(6): 122-130.
[13]	SI Chengxiang,GAO Feng,ZHU Liehuang,GONG Guopeng,ZHANG Can,CHEN Zhuo,LI Ruiguang. Covert data transmission mechanism based on dynamic label in blockchain [J]. Journal of Xidian University, 2020, 47(5): 94-102.
[14]	CHEN Siji,ZHAI Sheping,WANG Yijing. Blockchain privacy protection algorithm based on ring signature [J]. Journal of Xidian University, 2020, 47(5): 86-93.
[15]	XIE Yixi,JI Lixin. Blockchain-based bio-inspired distributed detection approach [J]. Journal of Xidian University, 2020, 47(5): 70-76.

Contract vulnerability repair scheme supporting inline data processing

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 1

References 14

Related Articles 15

Metrics

Comments

Recommended 0